Astra Linux - уязвимость в firefox, thunderbird

A crafted URL containing Arabic script and whitespace characters could potentially hide the true origin of the page, leading to a potential spoofing attack. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Summary happy-dom may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from origin A to destination B. Details In packages/happy-dom/src/fetch/utilities/FetchRequestHeaderUtility.ts...

CVE-2026-34226

Technical details about CVE-2026-34226 are not publicly provided in the supplied documents. Monitor for updates on affected versions, root cause, and remediation.

CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 141...

firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

DEBIAN-CVE-2024-11695

A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

CVE-2024-11695

A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

Unspecified Vulnerability in Google Chrome Navigation

Google Chrome is a web browser developed by Google, Inc.Navigation is one of the browser navigation modules. A security vulnerability exists in Navigation in Google Chrome versions prior to 71.0.3578.80. A remote attacker can exploit this vulnerability by means of a specially crafted HTML page th...

DEBIAN-CVE-2018-20067

A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

UBUNTU-CVE-2018-20067

A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

CVE-2018-20067

CVE-2018-20067 affects Google Chrome prior to 71.0.3578.80 in the browser’s Navigation/renderer flow. A crafted HTML page can cause a renderer-initiated back navigation to incorrectly cancel a browser-initiated navigation, enabling a remote attacker to confuse users about the origin of the curren...